mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-29 14:35:06 +01:00
Fix missing value limits for UserRole
position (#33172)
This commit is contained in:
parent
1992c2a4fa
commit
ca2a7d66b8
@ -41,6 +41,8 @@ class UserRole < ApplicationRecord
|
|||||||
EVERYONE_ROLE_ID = -99
|
EVERYONE_ROLE_ID = -99
|
||||||
NOBODY_POSITION = -1
|
NOBODY_POSITION = -1
|
||||||
|
|
||||||
|
POSITION_LIMIT = 2**31
|
||||||
|
|
||||||
module Flags
|
module Flags
|
||||||
NONE = 0
|
NONE = 0
|
||||||
ALL = FLAGS.values.reduce(&:|)
|
ALL = FLAGS.values.reduce(&:|)
|
||||||
@ -89,6 +91,7 @@ class UserRole < ApplicationRecord
|
|||||||
|
|
||||||
validates :name, presence: true, unless: :everyone?
|
validates :name, presence: true, unless: :everyone?
|
||||||
validates :color, format: { with: /\A#?(?:[A-F0-9]{3}){1,2}\z/i }, unless: -> { color.blank? }
|
validates :color, format: { with: /\A#?(?:[A-F0-9]{3}){1,2}\z/i }, unless: -> { color.blank? }
|
||||||
|
validates :position, numericality: { greater_than_or_equal_to: -POSITION_LIMIT, less_than_or_equal_to: POSITION_LIMIT }
|
||||||
|
|
||||||
validate :validate_permissions_elevation
|
validate :validate_permissions_elevation
|
||||||
validate :validate_position_elevation
|
validate :validate_position_elevation
|
||||||
|
@ -18,6 +18,16 @@ RSpec.describe UserRole do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'position' do
|
||||||
|
subject { Fabricate.build :user_role }
|
||||||
|
|
||||||
|
let(:excess) { 2**32 }
|
||||||
|
let(:limit) { 2**31 }
|
||||||
|
|
||||||
|
it { is_expected.to_not allow_values(-excess, excess).for(:position) }
|
||||||
|
it { is_expected.to allow_values(-limit, limit).for(:position) }
|
||||||
|
end
|
||||||
|
|
||||||
describe 'color' do
|
describe 'color' do
|
||||||
it { is_expected.to allow_values('#112233', '#aabbcc', '').for(:color) }
|
it { is_expected.to allow_values('#112233', '#aabbcc', '').for(:color) }
|
||||||
it { is_expected.to_not allow_values('x', '112233445566', '#xxyyzz').for(:color) }
|
it { is_expected.to_not allow_values('x', '112233445566', '#xxyyzz').for(:color) }
|
||||||
|
Loading…
Reference in New Issue
Block a user